drop prefetch shimcache browser history and registry exports · detect behavioral patterns indicating the subject is aware of or responding to an investigation · identify forensic tool scanning and evidence scrubbing triggered by external events · surface reactive anti-forensic behavior · runs locally
awareness searches · reactive cleanup within 24h · self-forensic tools · encrypted comm pivot · hygiene spikes
drop prefetch · shimcache · browser history · registry exports